[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Pidgin crash
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-08-22 20:03:46
Message-ID: 52972005.217119.1314043426149.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]



----- Original Message -----
> 2011/8/22 Moritz Mühlenhoff <jmm@inutil.org>:
> > On Mon, Aug 22, 2011 at 02:55:34AM -0400, Huzaifa Sidhpurwala wrote:
> >> Hi Mark,
> >>
> >> >Hi! Would it be possible to issue a CVE for a new crash in Pidgin?
> >>
> >> >http://pidgin.im/news/security/?id=53
> >>
> >> Please use CVE-2011-2942 for this issue.
> >>
> >> Also looking at http://pidgin.im/news/security it seems two other
> >> security issues were also fixed in 2.10.0, do you want CVEs to be
> >> assigned for them as well?
> >
> > Please do. Since they're published in the form of upstream advisories
> > we'd like to properly track them in the Debian Security Tracker.
> 
> That's fine by me. As an upstream developer I don't feel like I have a
> strong incentive to obtain a CVE. But if it's helpful to packagers, than
> sure.
> 
> The two issues in question are discussed here:
> http://pidgin.im/news/security/?id=54

This is a MSN crash. Use CVE-2011-3184


> http://pidgin.im/news/security/?id=55
> 
> The second one only affects Pidgin on Microsoft Windows.
> 

Use CVE-2011-3185 for this.

Thanks.

-- 
    JB

[prev in list] [next in list] [prev in thread] [next in thread]